literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill's required workflow (Phase 2: "Multi-Database Search" in SKILL.md and related scripts like scripts/search_databases.py) explicitly instructs the agent to fetch and aggregate content from open/public sources (PubMed, bioRxiv/medRxiv, arXiv, Semantic Scholar, and even Google Scholar scraping), then read and screen abstracts and full texts as part of decision-making, so untrusted third‑party, user-generated content is directly ingested and can materially influence subsequent actions.